Installation Guide Version 3.0

SIMS Teacher app Installation Guide Version 3.0

Step-by-step guide needed to install and configure the SIMS Teacher app service for a school Version 3.0 Information use and disclaimer The information contained within this SIMS Teacher app Installation Guide should not be distributed, shared, reproduced, in any material form (including photocopying or storing it in any medium including by electronic means and whether or not transiently or incidentally) without the written permission of Capita Children s Services. Whilst every effort is made to ensure the technical accuracy of the information contained within this document Capita Children s Services is not responsible for, and does not accept any liability in respect of, any claims, losses or damages (howsoever they arise) made or incurred by any persons or bodies as a result of using the information contained within this document. 2015 Capita plc. Capita Children s Services Franklin Court Stannard Way Priory Business Park Cardington BEDFORD MK44 3JZ www.capita-sims.co.uk Capita Children s Services Page 1 of 26

Contents Introduction... 3 About this document... 3 Related documents:... 3 About the SIMS Teacher app... 3 About the SIMS Teacher app installation... 3 SIMS Teacher app Technical pre-requisites... 4 SIMS system... 4 SIMS Teacher app communication with Microsoft Azure... 4 Supported platform operating systems/devices:... 5 Teacher app installation pre-requisites... 5 Teacher app administration pre-requisites... 6 Getting started with the installation... 7 Overview... 7 Step 1: Check the pre-requisites for the SIMS Teacher app service... 7 Step 2: Ensure you have the school s Teacher app activation email... 8 Step 3: Access the Teacher app management setup site... 8 Step 4: Download the SIMS Teacher app setup (deployment) package... 10 Step 5: Create an External Access Account... 11 Step 6: Apply the SIMS Teacher app licence patch:... 12 Step 7: Configure the SIMS Services Manager with the activation key... 13 Checking the SIMS Teacher app management console... 17 Accessing the Teacher app management console... 17 What s next?... 19 Registering a school email address to create a Microsoft or Google account... 20 How to register your school email address to create a Microsoft Account... 21 How to register your school email address to create a Google Account... 22 Office 365 Active Directory Integration with the SIMS Teacher app... 23 About the SIMS Teacher app and Office 365 Integration... 23 Pre-requisites... 23 Support included for the SIMS Teacher app service... 24 SIMS Teacher app Security and Authentication... 25 Authentication... 25 Security... 25 Device security... 25 Device loss... 26 Two-factor (2-FA) authentication for Administrator and Teacher Access... 26 Capita Children s Services Page 2 of 26

Introduction About this document This document is intended to provide a useful reference to support the installation and configuration of the SIMS Teacher app service from Capita Children s Services (CCS). Related documents: SIMS Teacher app Technical Overview SIMS Teacher app Administrator Guide SIMS Teacher app Office 365 Integration Guide SIMS Teacher app Teacher Getting Started Guide About the SIMS Teacher app The SIMS Teacher app service is the provision of a tablet application and supporting secure data services that integrate with a school s SIMS system for the use of specifically enabled business processes to support teaching activities. The SIMS Teacher app allows teachers that have been given authorised access to record attendance, behaviour achievement and assessment data, plus access limited student information through a tablet device. About the SIMS Teacher app installation The SIMS Teacher app has been designed to support a self-service installation and setup process, which means that Capita SIMS do not complete the installation or setup of the Teacher app for the school. The necessary files to enable the SIMS Teacher app service are available for the school as part of the sign-up and activation process and should be configured by the school s SIMS IT technical support team. Once the Teacher app services have been successfully configured the school will be able to get started with the Teacher app in school. The school s data is provisioned and updated in real-time as part of the Teacher app service there is no scheduled data synchronisation or manual refresh required for the Teacher app. The school will have access to a web-based SIMS Teacher app management console this will allow an administrator at school to manage access for teachers including activating devices and also activating teacher accounts to use the Teacher app for their school. The SIMS Teacher app utilises the SIMS Services Manager to provide the data-interoperability element of the service. The SIMS Services Manager provides the link between the Teacher app service and the school s SIMS system. Please note: the installation and setup of the SIMS Teacher app and SIMS Services Manager should be completed by a person with operational technical knowledge of the SIMS database for your school. The person who completes the installation will need to have: 1. Access to the schools SIMS SQL database 2. SA (system administration) permissions to apply the licence patch using dbupgrade 3. Access to the SA password for your SIMS SQL instance if the account you are logging into the server with does not have SQL System Admin permissions 4. Admin level access to the school s SIMS system Capita Children s Services Page 3 of 26

SIMS Teacher app Technical pre-requisites SIMS system The SIMS Teacher app can be used alongside the following versions of SIMS: SIMS 2015 Spring release and SIMS 2015 Summer Release A SIMS Server that meets the Capita Children s Services recommended specification, which is available on the My Account portal or on request..net Framework 4.5.2 installed (Full Profile) is required on the server hosting the service this is automatically installed as part of the SIMS Service Manager A local or domain user account will be needed to run the service. Connectivity to the SIMS SQL Server SIMS Teacher app communication with Microsoft Azure The SIMS Teacher App utilises the Microsoft Azure Service Bus for the secure, encrypted transmission of data. The SIMS Teacher App uses the Europe North presence in the Microsoft Azure Service Bus platform. The SIMS Teacher App requires internet connectivity (https connectivity) from the SIMS server to permit HTTP GET, HTTP POST and HTTP 1.1 Chunked Transfer Encoding - the SIMS Teacher App service will access the following URLs: https://www.simsteachermanagement.co.uk https://www.simsteacherappactivation.co.uk https://setup.capita-sims.co.uk https://simsmobile.servicebus.windows.net https://www.capitacloudplatform.co.uk Note: these URLS should be whitelisted where a proxy server is restricting access. The Teacher App service communicates to the Azure Service Bus via the following TCP destination ports: 443/tcp Additionally, Microsoft advise allowing/opening the following TCP destination ports if connecting to the Azure service bus from behind a firewall or proxy server: 5671 5672 9350 9351 9352 9353 9354 The SIMS Teacher App utilises the Microsoft Azure Service Bus Europe North presence in the Microsoft Azure Service Bus platform. The Azure Service Bus (Europe North) is identified by the following IP address blocks. 213.199.128.0/20 213.199.160.0/20 213.199.184.0/21 Capita Children s Services Page 4 of 26

94.245.112.0/20 94.245.88.0/21 94.245.104.0/21 65.52.64.0/20 65.52.224.0/19 157.55.3.0/24 For successful communication between the SIMS Server and Microsoft Azure Service Bus, any firewall configuration must allow outbound access to the above IP/port specification and permit related responses. It is not necessary to allow unsolicited ingress from these IP addresses. Supported platform operating systems/devices: The SIMS Teacher app is compatible with the following platform operating systems and devices: Apple ios versions ios 7 & ios 8 o ipad 2 o Third-Generation ipad o Fourth-Generation ipad o ipad mini o ipad Air 1 and 2 Windows 8.1 and Windows RT tablet devices Due to the increasing number of Windows tablet devices available, we are unable to test the Teacher app on every single one, but we have carried out successful tests on a number of major devices. Android OS version 4.4.2 or above tablet devices Due to the increasing number of Android tablet devices available, we are unable to test the Teacher app on every single one, but we have carried out successful tests on a number of major devices. The SIMS Teacher app is not compatible or supported on Amazon Kindles or Google Chromebooks. Devices Capita SIMS does not provide devices (ipads or other devices) as part of the Teacher app service schools are required to provide the devices to be used. Teacher app installation pre-requisites The person who completes the installation and configuration of the Teacher app services will need to have a valid Microsoft Google or Office 365 account the same account details used to install and configure the Teacher app will also be used by the school administrator accessing the Teacher app management console. NOTE: if you are installing the Teacher app on behalf of a school the Microsoft Google or Office 365 account that is used to complete the installation will need to be provided to the school administrator to access the Teacher app management console. The SA password for your SIMS SQL instance if the account logging into the server with does not have SQL Sys Admin permissions Credentials for a SIMS user with admin level access to SIMS. Capita Children s Services Page 5 of 26

Teacher app administration pre-requisites The school administrator who will administer the SIMS Teacher app within the school will require: 1. SIMS system admin login details (SQL login details not Windows of Active Directory) The login details can be existing SIMS SQL login details or can be created by using the External Access utility which is included as part of the Teacher app setup files. 2. A valid Microsoft Google or Office 365 account. Note: If using an Office 365 account for administrator access to the Teacher app, the admin will need to first associate their Office 365 Active Directory with the Teacher app via the Azure Active Directory Synchronization Services. Information on how to do this is available in the Teacher app Office 365 Integration Guide. 3. Internet access and the use of a latest supported internet browser: Internet Explorer, Chrome, Firefox or Safari. Capita Children s Services Page 6 of 26

Getting started with the installation Overview The installation and configuration of the SIMS Teacher app service for the school should be completed by the school s SIMS IT support. The installation process is as follows, which is detailed within this section: Step 1: Check the SIMS Teacher app pre-requisites and ensure the required URLs are whitelisted and ports opened if accessing from behind a firewall Step 2: Ensure you have the school s Teacher app activation email Step 3: Access the Teacher app management setup site Step 4: Download the SIMS Teacher app setup (deployment) package Step 5: Create an External Access Account Step 6: Apply the Teacher app licence patch Step 7: Configure the SIMS Services Manager with the activation key Step 1: Check the pre-requisites for the SIMS Teacher app service Before starting please refer to the pre-requisites section of this document to ensure you have everything ready; this includes your version of SIMS and a valid Microsoft Google or Office 365 account. IMPORTANT: When installing and configuring the SIMS Teacher app, you will need to access the setup site using a valid Microsoft or Google account. The same Microsoft, Office 365 or Google account details used to complete the setup for the school will be needed by the school administrator to access the Teacher app management console. Please ensure that your Microsoft, Office 365 or Google account that can be provided directly to the school or has been provided to you by the school to complete the installation on their behalf. Capita Children s Services Page 7 of 26

Step 2: Ensure you have the school s Teacher app activation email To complete the installation of the Teacher app service for the school, you will need the email that was sent from Capita SIMS (noreply@simsteachermanagement.co.uk) to the school contact. This email contains a unique activation link for the school s setup. You can only complete the setup for the school if you have this email and link. The school s activation email will look like this: SIMS Teacher app Order Confirmation Green Abbey School https://setup.capita-sims.co.uk/activate/8f8a2f58face4ebaae78c6443f046387 Step 3: Access the Teacher app management setup site The activation link within the school s email is included in the section: STEP 1: INSTALLING & SETTING UP THE SIMS TEACHER APP SERVICE. The activation link will start with https://setup.capita-sims.co.uk/activate and have a string of numbers and letters at the end of the link these are unique to the school. IMPORTANT: 1. Before clicking this link please ensure you are fully SIGNED-OUT of any other identity provider in your browser, e.g. GMAIL or Hotmail. We recommend you copy the link and paste into a private or incognito browser view. 2. When accessing the SIMS Teacher app setup management site, you will need to use a valid Microsoft or Google account. The same Microsoft, Office 365 or Google account used to complete the setup for the school will be needed by the school administrator to access the Teacher app management console. Please ensure that your Microsoft, Office 365 or Google account that can be provided directly to the school or has been provided to you by the school to complete the installation on their behalf. https://setup.capita-sims.co.uk/activate/8f8a2f58face4ebaae78c6443f046387 Capita Children s Services Page 8 of 26

1. The SIMS Teacher app management setup site front screen will appear: 2. Please select either the Sign in with Microsoft OR Office 365 or Google login option Note: if using the Office 365 option you will first need to associate your Office 365 Active Directory with the Teacher app please refer to the Teacher app Office 365 Integration Guide on how to do this. 3. If you choose the Microsoft account login option, you will see a page asking for permission to use your email address for the SIMS Teacher app access. Please click on Yes 4. If you choose the Google account login option, you will see a page asking for permission to use your email address for the SIMS Teacher app access. Please click on Accept Capita Children s Services Page 9 of 26

Step 4: Download the SIMS Teacher app setup (deployment) package 1. On the screen title You need to activate your school services, please click on the link: 1. Download your SIMS Teacher app School Services Deployment Package. 2. The Teacher app deployment package will automatically download from the management site - please save it to a folder on your SIMS server. You may see a window appear asking if you wish to Open or Save the folder please save to a location on your SIMS Server. **Leave this browser page open** 3. Unzip the downloaded Deployment Package folder. The download Deployment Package folder will contains the following 3 files that will be needed: patch 19528 (ssm teacher app licence).zip The licence patch that is needed to activate the Teacher app services for the school. You will need to unzip this folder to access the patch. ActivationKey.txt Contains the unique security key for the school s SIMS Teacher app Services SIMS ExternalAccessAccount.zip This file contains the SIMSExternalAccessAccount.exe utility, which creates the External Access Account that is needed to provide access from the SIMS Teacher app services to access the school s SIMS system. You will need to unzip this folder to access the utility. Capita Children s Services Page 10 of 26

Step 5: Create an External Access Account The External Access Account is needed to provide access from the SIMS Teacher app services to access the school s SIMS system. Launch the SIMSExternalAccessAccount.exe utility using the Run as Administrator option to create a new account called SSMConnector. SQL \Select the SIMS SQL instance. If your logged on account does not have SQL access choose SQL as the Authentication method and enter the details of the SQL SA account. Then click on Next. Ensure the correct SIMS database is selected and click Next. Choose to create a new account and click Next. Capita Children s Services Page 11 of 26

Enter the name SSMConnector and click Next. IMPORTANT: Make a note of the username and password in a secure file and click Close. Step 6: Apply the SIMS Teacher app licence patch: IMPORTANT: PLEASE READ BEFORE APPLYING THE LICENCE PATCH (1) We advise you to apply the Teacher app licence patch to the school s SIMS system outside of normal school hours in order to minimise any possible disruption to the operation of SIMS for the school. (2) Please use the dbupgrade to run the patch on the school s SIMS server You MUST ensure the patches are applied using SA (system administration) mode this is very important to avoid any issues when applying the patches. Failure to apply the patch in SA (system administration) mode may cause an error and you may have to restore your SIMS database from an earlier backup. From the Deployment Package folder, please apply the patch Patch 19528 (ssm - teacher app licence) to the school s SIMS system using SA (system administration) mode, which we would advise to apply outside of normal school hours in order to minimise any possible disruption to the operation of your SIMS system Once the patch has been successfully applied, please proceed to the next step. Capita Children s Services Page 12 of 26

Step 7: Configure the SIMS Services Manager with the activation key The following section details the configuration of the SIMS Services Manager (SSM) for the Teacher app services. The SSM provides the data-interoperability element of the service and provides the link between the Teacher app service and the school s SIMS system. The SIMS Services Manager was automatically delivered as part of the SIMS 2014 autumn release. Centrally hosted environments can use the SIMS Services Manager user interface as above to setup all of the connection and school information per site. Alternately, the support team can edit the settings.xml file located in the \ProgramData\SIMS\SIMS Services Manager. This is recommended if there are multiple sites to manage. Further information about the SIMS Services manager is available through the SupportNet portal. Configuring the SIMS Services Manager for the Teacher app: 1. On the SIMS Server, browse to http://localhost:50000, or use the SIMS Services Manager desktop shortcut. If you see the screen on the left (the SSM homepage) then skip to point 6. Manage Packages. If you see the screen on the right (the SSM Schools page) then continue with the following instructions 2. Click + Add. <-- Enter your school name here --> 3. Enter school SIMS server and database details 4. IMPORTANT: please untick Windows Authentication. <-- Enter your server name here --> <-- Enter your database name here --> 5. Enter details of the external access account created earlier (SSMConnector). 6. Click Save. Capita Children s Services Page 13 of 26

Green Abbey School 7. Confirm school has been added. Then click on Home on the top menu. 8. Click Apply all Changes. 9. Click Manage Packages. 10. Select both packages and click Install Selected 11. Click Close 12. Keep refreshing the page until both packages show a status of Started. **Leave this browser page open** Capita Children s Services Page 14 of 26

Run START > Programs > SIMS Applications > SIMS Services Manager Helper Green Abbey School If your logged on account does not have SQL access select the SQL Server Authentication option and enter the details of the SQL SA account. Click Create and Grant to assign permissions on new stored procedures to the external access account. Verify rights have been granted by checking the messages at the bottom. Enter the school s unique Teacher app security key The next step is to enter the unique security key for the school s SIMS Teacher app Services. 1. Within the downloaded deployment package folder open the Accesskey.txt file. 2. Copy the activation key from this file to the clipboard 3. Go back to the SIMS Services Manager (http://localhost:50000) console and refresh the page: Verify the packages are still started. Then click on the Options button for the Login Service for Teacher app package: Capita Children s Services Page 15 of 26

4. Click the cog icon Green Abbey School 5. Enter the activation key (previously copied from AccessKey.txt) `Please ensure there is are no spaces at the end of the activation key when entering into this field 6. Click Save. 7. Click Save. 8. Click Home on the SIMS Services Manager site 9. Restart the SIMS Services Manager services by clicking the Apply All Changes on the home page of the SIMS Services Manager. 10. Go back to the browser page where you downloaded the deployment package 11. Click The above has been done link. Capita Children s Services Page 16 of 26

Checking the SIMS Teacher app management console Once the Teacher app has been successfully installed and configured, the Teacher app should be ready to use by the school. In order to check this, access the Teacher app management console to ensure a list of teachers from the school can be see within the management console. Accessing the Teacher app management console 1. To access the Teacher app management console, please access the following URL: https://setup.capita-sims.co.uk The Teacher app management console will display as below in your browser: 2. Please select either the Microsoft, Office 365 or Google sign in option 3. Please enter your Microsoft, Office 365 or Google account details when prompted. NOTE 1: The Microsoft, Office 365 or Google account details entered must be the same as used when the Teacher app services were installed and configured. NOTE 2: If using an Office 365 account for administrator access to the Teacher app, the admin will need to first associate their Office 365 Active Directory with the Teacher app via the Azure Active Directory Synchronization Services. Information on how to do this is available in the Teacher app Office 365 Integration Guide. Capita Children s Services Page 17 of 26

TROUBLESHOOTING: If you login with your Microsoft, Office 365 or Google details and are then presented with a screen as below this means that the management console does not recognise the access details you have entered. Please check that you are using the same Microsoft, Office 365 or Google account details that were used to install and activate the Teacher app service. [Your email address] is not associated with a school 4. If your Microsoft, Office 365 or Google access details are successfully entered and verified, you will be prompted to enter your SIMS username and password. Please enter your details and click Login 5. Following successful login, you will now access the standard Teacher app management console. The console will provide a full list of the teachers currently available from the school s SIMS system Capita Children s Services Page 18 of 26

What s next? If you are installing the Teacher app on behalf of a school, please advise the school to refer to the SIMS Teacher app Administrator Guide to activate devices and teacher accounts. If a colleague within your school will be administering the devices and activating teacher accounts please refer them to the SIMS Teacher app Administrator Guide. Capita Children s Services Page 19 of 26

Registering a school email address to create a Microsoft or Google account If a teacher or administrator already has a valid Microsoft or Google account, their account can be used to access the SIMS Teacher app using the same username and password. Alternatively, we advise schools to register their existing school email address and their own password to create a Microsoft or Google account for free. Why do school administrators and teachers need a Microsoft or Google account to access the SIMS Teacher app? Capita have chosen to use Microsoft Account (previously Windows Live) and Google accounts, as many teachers will already have one of these accounts. This has the added advantage that teachers don t have to remember different usernames and passwords and they are always in control of your own access details. The SIMS Teacher app uses the Microsoft/Google account for safety and to provide secure authentication when you log in to the App we do not require any additional information from your Microsoft account, only what is needed for authentication. When teachers first access the SIMS Teacher app, they will be required to choose either a Microsoft or Google account to authenticate their Teacher app account with. Once this has been done the teacher will be required to enter an activation code supplied by the school administrator plus a secondary piece of data from SIMS. Once the successful activation has been completed, each time the teacher logs into the Teacher app, they will be required to sign-in with their selected Microsoft or Google details. Can school administrators and teachers use their existing school email address for a Microsoft/Google account? Yes when creating a Microsoft/Google account school administrators and teachers can use their own school email address (it does not have to be a Microsoft email address) and use their own password. School administrators and teachers who already have Google or Microsoft accounts can use their existing access details for the Teacher app. Please see the following sections if you or a teacher needs to register their email address to create a Microsoft or Google account: How to register your email address to create a Microsoft Account How to register your email address to create a Google Account Capita Children s Services Page 20 of 26

How to register your school email address to create a Microsoft Account If a new Microsoft Account is needed, this can be created quickly and is free: 1. Please access https://signup.live.com 2. Use your current email address, e.g. john.smith@greenabbey.sch.uk and fill out the form you can use your existing password if required: IMPORTANT NOTE After you sign up, Microsoft will send you a message with a link to verify your username you will need to verify the link Microsoft send to you before your Microsoft Account is activated. Once the Microsoft Account has been created and verified, it can be used to access the Teacher app. Capita Children s Services Page 21 of 26

How to register your school email address to create a Google Account To create a new Google Account: 1. Please access https://accounts.google.com/signup 2. To use your current email address, e.g. john.smith@greenabbey.sch.uk please select the option: I prefer to use my current email address 3. Please fill out the form you can use your existing password if required 4. Press the Next step button and follow the on-screen instructions Capita Children s Services Page 22 of 26

Office 365 Active Directory Integration with the SIMS Teacher app About the SIMS Teacher app and Office 365 Integration Many schools are now using Office 365 and with the SIMS Teacher app teachers can use their Office 365 account details to login to the app. This means that teachers don t need to remember multiple usernames or passwords; for example login details to their email and office applications and separate login information for the Teacher app. This saves time, frustration and allows for a more seamless user experience and easier user account management for the school. The SIMS Teacher app allows the school to associate their Office 365 Active Directory with the Teacher app via the Azure Active Directory Synchronization Services. This integration allows teachers who are provisioned and active within the school s Office 365 Active Directory to login to the Teacher app using their existing Office 365 username and password. Pre-requisites It is expected that the following pre-requisites are in place before linking the school s Office 365 Active Directory to the SIMS Teacher app: Office 365 has already been successfully setup within the school and provisioned user access details to the school s teaching staff. Administrator permissions of your Office 365 Active Directory, or access to your school s Office 365 Administrator to complete the integration approval step. The SIMS Teacher app has been ordered and the school has received their activation and setup details. Please refer to the SIMS Teacher app Office 365 Integration Guide for step-by-step instructions on how to associate the school s Office 365 Active Directory with the SIMS Teacher app. Capita Children s Services Page 23 of 26

Support included for the SIMS Teacher app service The SIMS Teacher app service subscription includes support from Capita Children s Services to help schools when needed. The support service for the Teacher app includes telephone, email, web and remote support to support your SIMS Teacher app at school. Support services provided by Capita Children s Services Support provided as part of the Teacher app service covers: Support for the Teacher app software for tablet devices ios, Windows and Android platforms Support for the Teacher app management console Support for the SIMS Services Manager Support for the SIMS Teacher appm data services Support services not provided by Capita Children s Services Support provided as part of the Teacher app service does not include the following: Support for the device or hardware, including operating system, MDM (Mobile Device Management) system or other 3 rd party non-sims apps, services or management tools Support for setting up, managing or administering Microsoft or Google accounts or the school s Office 365 active directory Support for the technical environment, network or infrastructure, for example: o Support for the school s Network or Wi-Fi connectivity either in school or via an external provider o Support for the school s Proxy or Firewall connections either in school or via an external provider Enhanced Support provided by Capita Children s Services Support coverage for customers with an Enhanced Support contract will be determined by the level of support purchased as part of their Annual Entitlement. However, this does not include support of ios Apple, Android or Windows devices or hardware. Capita Children s Services Page 24 of 26

SIMS Teacher app Security and Authentication Authentication The SIMS Teacher app service provides authentication in accordance with the UK government s National Technical Authority for Information Assurance (CESG) Guidance for End User Devices Security Guidance: General Security Recommendations : 1. User to service: The user is only able to access the SIMS Teacher app service after successfully authenticating to the service, via their device. 2. Device to service: Only devices which can authenticate to the SIMS Teacher app service are granted access. Security The SIMS Teacher app is a securely hosted web delivered service, with data securely transferred in real-time and encrypted between the school s SIMS system (locally or centrally hosted) via the web using standard secure HTTPS TCP/IP protocols to devices authenticated by the school. No school data is stored in the Azure platform (cloud) data is only transferred via the Microsoft Windows Azure platform (Service Bus). All data is securely transferred and processed within the EU and complies with UK data protection standards and requirements. Setup.capitasims.co.uk All traffic to and from the SIMS Teacher app service is accessed using standard web protocols (HTTPS) and secured using the appropriate SSL certificates. Services are tiered following industry and software vendor best (Management practice principles. and signup The network architecture is compliant to ISO27001 and utilises website) a multi-tier isolated VLAN design with fully managed software firewalls on each server, IDS/IPS, SQL firewalls, data encryption and load balancing to ensure security and performance for all users of the SIMS Teacher app service. The SIMS Teacher app service is fully penetration tested at the application layer and externally by a nominated Security company every quarter. Device security Capita SIMS recommends that the school has additional security policies in place to include the use of devices containing school data inside and outside of school premises. Furthermore, it is strongly recommended that the school incorporates additional device security measures that enable the school to remotely wipe, disable and locate a device. Schools are advised to implement fully a MDM (Mobile Device Management) service allowing for centralised management of security policies, and at a minimum enforce: Device passcode Regular device passcode change Wipe on repeated device passcode failure Remote wipe Disable screenshot capture on the device In addition, schools are advised to ensure the following are in-place for devices that are authorised for access to the SIMS Teacher app service: Security tag devices. Conduct a regular physical audit of devices. Supply users with best practice advice and a governance policy for use and storage of the devices. Capita Children s Services Page 25 of 26

Device loss In the event of a device loss, the following best-practice advice is recommended: 1. Immediately attempt a remote wipe of the device if possible. 2. Disable the teacher s SIMS account for at least 24 hours to be certain the session has expired. 3. Reset the SIMS password for the teacher. 4. Reset the Microsoft or Google account for the teacher. 5. Deactivate / revoke the device and the account in the SIMS Teacher app service management console. 6. Re-activate the user through a new device association and teacher account activation code after 24 hours. Two-factor (2-FA) authentication for Administrator and Teacher Access Capita Children s Services recommend that schools enable two-factor (2-FA) authentication for their SIMS Teacher app administrator and teacher access account (Microsoft, Office 365 or Google) as an extra layer of security. Two-factor authentication provides an increased level of security for Microsoft, Office 365 or Google accounts as additional information will be required to access an associated account. Two-factor authentication is enabled within the Microsoft, Office 365 or Google account (not within the SIMS Teacher app) and when setup, each time the user accesses the SIMS Teacher app they will be asked for two pieces of information in addition to their username. The user will be asked to enter their password plus a security code and they will only gain access to the system with these details. Microsoft or Google will send a unique access code to the user s designated mobile phone via SMS, to a Microsoft or Google app, or via email. This code will provide secure access to the SIMS Teacher app system. Important Note: Two-factor verification is a great tool to help protect a Microsoft or Google account, but it does require the user to keep their account up to date and ensure all login details are kept securely. If the user s security information changes (phone or alternative email), it s important to update their Microsoft or Google account before they discard of any old information. If the user knows their password but lose access to their secondary security proof, Capita Children s Services or Microsoft or Google customer support cannot update it for them. The user s only option is to go through a recovery process that enforces a 30 day wait before they regain access to their account this is to ensure someone malicious hasn t used this as a way to take over their account. Office 365 users should contact their O365 administrator. If the user loses access to their password AND all OTHER security information, they will not be able to regain access to their account this is a security measure. A new teacher app account will need to be setup in the management console and the teacher will need to re-authenticate with a different Microsoft or Google account. More information on how to enable two-factor (2-FA) authentication for Microsoft accounts is available from the Microsoft website. More information on how to enable two-factor (2-FA) authentication for Google accounts is available from the Google website. For information on how to keep information protected please also see http://www.getsafeonline.org/ Capita Children s Services Page 26 of 26